TCP blocked outside local network? - Redhat


  1. TCP blocked outside local network?

    I help administer a small research network containing machines using
    MacOS X, Mandriva Linux, and SUSE Linux for the most part, with a few
    Windows boxes thrown in. I have been playing with Linux for quite
    a while, but am completely stumped with this one. Most of my
    experience is with Mandriva rather than Red Hat, and I'm hoping this
    is a Red Hat configuration issue.

    A user brought in a Red Hat box. /etc/redhat-release gives:

    LSB_VERSION="1.3"
    Red Hat Enterprise Linux AS release 3 (Taroon Update 4)
    SGI ProPack 3SP6 for Linux, Build 306rp37-0508301842

    uname -a gives:
    Linux mymachine.mynetwork.com 2.4.21-sgi306rp21 #1 SMP Tue Aug 30
    18:51:36 PDT 2005 ia64 ia64 ia64 GNU/Linux

    My problem is this:

    I cannot get any of the tcp-based clients to work for any addresses
    outside my local domain. They work fine inside my local domain. The
    local domain is behind a firewall that does network address
    translation.

    Here's what I've found:

    1) It affects all tcp clients I try -- ssh, telnet, mozilla.
    2) UDP works OK -- I can ping the outside world
    3) Changing the ip address of the box to another one within the local
    domain does not help
    4) No other linux, windows or mac box has a problem
    5) My firewall (and there is one) filters on the basis of ip address,
    not mac address, and does not have any rule that targets this machine.
    6) Iptables is turned off, or at least that's what it says when I do
    "/etc/init.d/iptables stop."
    7) I can ssh, telnet, etc. within the local domain
    8) I can ssh *into* the box (the sshd server works fine) from within
    the local network. I can also do an ssh tunnel using port forwarding
    through the firewall (though that looks local to the machine). I can
    do Xforwarding and open an xterm on a machine out in the world.
    9) nc is also stumped. It can connect to a port on the back of the
    firewall, but can't get past it.

    Thus, for instance, on the Mandriva box I get:

    mandriva_box% nc -v www.google.com 80
    DNS fwd/rev mismatch: www.l.google.com != yo-in-f99.google.com
    ....
    www.l.google.com [64.233.169.99] 80 (http) open

    but on the Red Hat box I get:

    redhat box% nc -v www.google.com 80
    DNS fwd/rev mismatch: www.l.google.com != yo-in-f104.google.com
    ....


    I *cannot* find any rules in my firewall that would do this. As I
    noted, this problem is specific to *this* machine -- none of the other
    machines behind the firewall. Changing the ip address of this machine
    to that of a machine that is not having the problem does not help.

    I'm hoping there's some Red Hat security configuration that limits TCP
    traffic. I am not all that familiar with the Red Hat configuration
    tools. I *did* turn off the firewall using
    redhat-config-securitylevels, but that did not change anything.

    Any ideas would be greatly appreciated. We in the lab have broken
    into two groups -- those who are convinced it's the firewall, even
    though nobody can see any problems with it, and those who are
    convinced it must be a configuration issue on the Red Hat box, even
    though we can't find a configuration file that says "don't allow TCP
    anywhere outside the local domain."

    Thanks!

    billo

  2. Re: TCP blocked outside local network?

    On Thu, 28 Aug 2008, in the Usenet newsgroup linux.redhat, in article
    <8718cdd8-d679-4b1c-9d8b-7d9f647d1ae7@s50g2000hsb.googlegroups.com>,
    billo@radix.net wrote:

    NOTE: Posting from groups.google.com (or some web-forums) dramatically
    reduces the chance of your post being seen. Find a real news server.

    >uname -a gives:
    >Linux mymachine.mynetwork.com 2.4.21-sgi306rp21 #1 SMP Tue Aug 30
    >18:51:36 PDT 2005 ia64 ia64 ia64 GNU/Linux


    Bit on the old side

    >1) It affects all tcp clients I try-- ssh, telnet, mozilla.


    The error message...

    >2) UDP works OK -- I can ping the outside world
    >3) Changing the ip address of the box to another one within the local
    >domain does not help


    OK

    >4) No other linux, windows or mac box has a problem
    >5) My firewall (and there is one) filters on the basis of ip address,
    >not mac address, and does not have any rule that targets this machine.
    >6) Iptables is turned off, or at least that's what it says when I do
    >"/etc/init.d/iptables stop."


    On this box - /sbin/iptables -L
    On this box - cat /etc/hosts.allow
    On this box - cat /etc/hosts.deny

    >8) nc is also stumped. It can connect to a port on the back of the
    >firewall, but can't get past it.


    On this box, and another that works /usr/sbin/tcpdump -ni eth0
    then run some simple TCP based application, such as

    ftp ibiblio.org

    >We in the lab have broken into two groups -- those who are convinced
    >it's the firewall, even though nobody can see any problems with it,


    tcpdump should show that. Another thing that might give a hint is
    '/bin/netstat -anptu' _during_ connection attempts.

    >and those who are convinced it must be a configuration issue on the Red
    >Hat box, even though we can't find a configuration file that says
    >"don't allow TCP anywhere outside the local domain."


    Firewall on this box? Don't forget this _COULD_ still be running
    IPCHAINS - it would show that in '/sbin/ipchains -L'. The only other
    thing, 'tcp_wrappers' or 'libwrap', should only show up on services that
    are running on this box, not remote stuff.

    Old guy
